Lee Nan Phin wrote:
> We are currently doing evaluation on firewall products. We would
> appreciate if someone would help us clarify some of the issues:-
> 1. Milkyway SecurIT firewall. Can someone who has been using this product
> give some feedback? How is the product as compared to Firewall-1.
> 2. I was told that NT 4.0 has some security flaws, so if I run the
> firewall-1 on top of NT 4.0, what are the risks?
> 3. I was told that recently someone has managed to breakinto Checkpoint
> and copied out their software source code, is it true?
Before people actually think that this last item is valid, let me say
that it is *not* true, and explain how this rumor started:
We provide a shell script with our product called "fwinfo" that runs a
series of commands (ifconfig, netstat, etc) to evaluate how tcp/ip has
been configured on the firewall, as well as to determine what version of
FireWall-1 is running and its configuration. Our tech support staff asks
our customers to run it and email back the resulting file to us to help
speed problem determination.
If you read the shell script, the first couple comment lines of this
file in version 2.1 went something like this:
# THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF CHECK POINT SOFTWARE
# TECHNOLOGIES LTD. ...
.. and so on, followed by the actual commands I mentioned before. Well,
it appears some guy took this file (which is available to anyone who has
installed FireWall-1) and posted it to a newsgroup, claiming it was
FireWall-1 source code. Other mis-informed people saw this, and assumed
that the firewall code had been compromised, thinking it actually was
source code! (I guess they didn't bother to read the whole file.)
So, just to re-iterate, no one ever posted the source code of FireWall-1
to the outside world. What was posted was simply a shell script that
provides our tech support with more information about a particular
Brian Connolly brian @
Business Development Engineer 415.562.0400, ext 252
Check Point Software Technologies fax 415.562.0410
From: Lee Nan Phin <nplee @